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AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of clairrKs in the application: 

Listing of Claims: 

1.-3. (Cancelled). 

! 

j I 

4. (Currently amended) A method of email access control, comprising the steps of: 

!! 

receiving a personalized access ticket containing a sender's identification and a 

recipient's identification in correspondence and the ^sender's identification presented bv 

ji 

from a sender from the sender who wishes to send an email to a recipient Jso as to specify the 
recipient as an intended destination of the email, the personalized access Iticket further 
containing a validity period indicating a period for which the personalized access ticket is 
valid, at a secure communication service for connecting communications [between the sender 

and the rec e iv e r recipient : j 

I j 

controlling accesses between the sender and the recipient by verifying an access right 

; i 

of the sender with respect to the recipiwt according to the personalized access ticket at the 
secure communication service and; j 

checking whether the sender's identification presented by the sender is contained as 
the sender's identification in the personalized access ticket presented by the sender, and 

refusing a delivery of the email when the sender's identification presentee! by the sender is 

j] 

not contained in the personalized access ticket presented by the sende r: akid 

checking the validity period contained in the personalized access ticket presented bv 
the sender, and refusing delivery of the email when the validity period fete expired . 

5. (Cancelled). ] 

6. (Currently amended) The method of claim & 4, wherein the validity period of the 
personalized access ticket is set by a trusted third party. 

i : 

9009763 3 ' . 
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7. (Previously presented) The method of claim 4, further comprising tjie step of; 

issuing the personalized access ticket to the sender at a directory servipe for managing an 

il 

identification of each registrant and a disclosed information of each registrant which has a 

! I 

lower secrecy than a personal information, in a state which is accessible for search by 
unspecified many, in response to search conditions specified by the sender, by using an 
identification of a registrant whose disclosed information matches the search conditions as 
the recipient's identification and the sender's identification specified by liliie sender along with 
the search conditions. J 

! i 

ij 

8. (Currently amended) The method of claim 4, further comprising the. step of: 

I I 

registering in advance the ^personalized access ticket containing an identification of a 
specific user from which a delivery of emails to a specific registrant is tojbe refused as the a 
sender's identification and an identification of the specific registrant as tifte ^recipient's 
identificatio n for the personalized access ticket registered in advance , at^the secure 
communication service; j [ 

wherein atthe controlling step the secure communication service refuses a delivery of the 

j! 

email from the sender when the personalized access ticket presented by the sender is 
registered therein in advance at the registering step. " j 

i 

9. (Original) The method of claim 8 5 further comprising the step of: . | 

deleting the personalized access ticket registered at the secure communication service 
upon request from the specific registrant who registered the personalized* access ticket at the 
registering step. ; 

;i 
j t 

10. (Currently amended) The method of claim 4, wherein the personalized access ticket 
also contains a transfer control flag indicating whether or not the sender should be 


authenticated by the secure communication service, and at Hie controllin 
transfer control flag contained in the personalized access ticket indicates 
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should be authenticated, the secure communication service authenticates; the sender's 
identification presented by the sender and refuses a delivery of the email! when an 
authentication of the sendees identification presented by the sender fails: : 


1 1 . (Currently amended) The method of claim 1 0, wherein the authentication of the 
sender's identification presented by the sender is realized by a cbal1enge/f|esponse procedure 
between the sender and the secure communication service. ; 

12. (Original) The method of claim 10, wherein the transfer control fla£ of the personalized 
access ticket is set by a trusted third party. j 

13. (Previously presented) The method of claim 4, wherein the sender's identification and 


the recipient's identification in the personalized access ticket are given by 
addresses of the sender and the recipient. j 


real email 


14, (Previously presented) The method of claim 4, wherein the sender's identification and 
the recipient's identification in the personalized access ticket are given by anonymous 
identifications of the sender and the recipient, where an anonymous identification of each 
user contains at least one fragment of an official identification of each usfer by which each 
user is uniquely identifiable by a certification authority. j 

15. (Original) The method of claim 14, wherein the anonymous identification of each user 
is an information containing the at least one fragment of the official identification of each 
user which is signed by the certification authority using a secret key of the certification 
authority. ■ i 


16. (Original) The method of claim 14, wherein the official identification of each user is a 

J ! 

character string uniquely assigned to each user by the certification authority and a public key 

of each user which are signed by a secret key of the certification authority 

1 1 

9Q097S3 2 j j 
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17. (Original) The method of claim 14, further comprising the step of; 

probabilistically identifying an identity of the sender by reconstructing 
identification of the sender by judging identity of a plurality of anonymous 
the sender contained in a plurality of personalized access tickets used by 


the official 
identifications of 
ihe sender. 


1 8. (Previously presented) The method of claim 4, wherein an anonymjqus 
each user that contains at least one fragment of an official identification 
which each user is uniquely identifiable by a certification authority and i 
each anonymous identification by which each anonymous identification 
identified are defined, and the sender's identification and the recipient's 
personalized access ticket are given by a link information of the anonymous 
the sender and a link information of the anonymous identification of the 


1 $>. (Currently amended) The method of claim 4-18, wherein the link 
anonymous identification is an identifier uniquely assigned to each anon; 
by the certification authority. 


20. (Original) The method of claim 1 8 7 further comprising the step of: 

probabilistically identifying an identity of the sender by reconstruct^ 
identification of the sender by judging identity of a plurality of anonymofjs 
the sender corresponding to the link information contained in a plurality 
access tickets used by the sender. 


2 1 . (Previously presented) The method of claim 4, wherein the person; 
contains a single sender's identification and a single recipient's identification 
correspondence. 


©009/030 


identification of 

of each user by 

1 

jlink information of 
:jan be uniquely 
identification in the 
identification of 
fecipient. 


information of each 
yimous identification 


the official 
identifications of 
af personalized 


jized access ticket 
in 1-to-l 
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©010/030 


22. (Previously presented) The method of claim 4, wherein the personalized access ticket 
contains a single sender's identification and a plurality of recipient's identifications in 1-to-N 
correspondence, where N is an integer greater than 1. 


23. (Original) The method of claim 22, wherein one identification among the single sender's 
identification and the plurality of recipient's identifications is a holder idsntification for 

identifying a holder of the personalized access ticket while other identifi jations among the 

I 

single sender's identification and the plurality of recipient's identifications are member 
identifications for identifying members of a group to which the holder belongs. 


24. (Original) The method of claim 23, further comprising the step of: 

issuing an identification of each user and an enabler of the identification 
indicating a right to change the personalized access ticket containing the 
each user as the holder identification, to each user at a certification authority, 
prescribed processing on the personalized access ticket can be carried ou : 
processing device only by a user who presented both the holder identification 
the personalized access ticket and the enabler corresponding to the holdeh identification 
the secure processing device. 


25. (Original) The method of claim 24, wherein the certification authorikjy 
of the identification of each user as an information indicating that it is the 
identification of each user itself which are signed by a secret key of the 
authority. 


of each user 
identification of 

, such that 
at a secure 

contained in 
to 


issues the enabler 
enabler and the 
certification 


KKJS7B3 2 [ 
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26. (Original) The method of claim 24, wherein the prescribed processiji|g 
generation of a new personalized access ticket, a merging of a plurality 
access rickets, a splitting of one personalized access ticket into a plurality 
access tickets, a changing of the holder of the personalized access ticket, 
validity period of the personalized access ticket, and a changing of a 
the personalized access ticket. 


includes a 
o]f personalized 
of personalized 
changing of a 
control flag of 


l transfer 


all 


27. (Original) The method of claim 26, wherein a special identification 
enabler corresponding to the special identification which are known to 
such that the generation of a new personalized access ticket and the chan; 
the personalized access ticket can be carried out by the holder of the 
ticket by using the special identification and the special enabler without 
member identification. 


and a special 
users are defined 
ing of the holder of 
personalized access 

ing an enabler of a 


i 

JO. 

uii 


28. (Original) The method of claim 27, wherein the special identification 
capable of being used only as the holder identification of the personal! 


lizeq 


29. (Original) The method of claim 26, wherein a special identification 
all users is defined such that a read only attribute can be set to the 
by using the special identification. 


30. (Currently amended) The method of claim 4, wherein at the controll 
access right of the sender with respect to the recipient is verified accordhj 
personalized access ticket, the secure communication service takes out 
identification from the personalized access ticket by using the sender's 
presented by the sender, converts the email by using a the t aken out 
into a format that can be interpreted by an email transfer function for actijially 
email delivery processing, and gives the email after conversion to the ei 
by attaching the personalized access ticket. 


the 


: recipient 1 


9009711 I 
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is defined to be 
access ticket. 


which is known to 
personalized access ticket 


ing step, when the 
I to the 
recipient's 
idjentification 

; T s identification 
carrying out a 
emlail transfer function 
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comprising the steps of: 
is uniquely 
of each user 


31. (Cancelled). 


32. (Currently amended) A method of email access control, 

defining an official identification of each user by which each user 

identifiable by a certification authority, and an anonymous identification 

containing at least one fragment of the official identification; a&4 

identifying each user by the anonymous identification of each 

for emails on a communication networkf ^wherein the anonymous identi 

is an information containing the at least one fragment of the official identification 

user which is signed by the certification authority using a secret key of die 

authority; 

receiving a personalized access ticket containing a sender's anonwious identification 


I 

user 


and a recipient's anonymous identification in correspondence, which is presented bv a sender 


who wishes to send an email to a recipient so as to specify the recipient as an intended 


destination of the email, at a secure communication service for connecting communications 


between the sender and the receiver; and 
controlling accesses between the sender and the recipient by verifying an access right 


of the sender with respect to the recipient according to the personalized access ticket at the 


secure communication service. 


33. (Previously Presented) The method of claim 32, wherein the ofificiajl 
each user is a character string uniquely assigned to each user by the certification 
and a public key of each user which are signed by a secret key of the certtifi cation 

34. (Cancelled). 


in communications 

of each 
certification 


identification of 
authority 
authority. 
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35. (Currently amended) The method of claim 34 32, further comprising] th< 

probabilistically identifying an identity of the sender at the secure 
by reconstructing the official identification of the sender while judging 
of anonymous identifications of the sender contained in a plurality of personalized access 
tickets used by the sender. 


e step of: 
communication service 
identity of a plurality 


36. (Previously presented) The method of claim 32, wherein the defining 
a link information of each anonymous identification by which each anoni^mous 
can be uniquely identified, and each anonymous identification also 
information of each anonymous identification. 


37. (Original) The method of claim 36, wherein the link information of 
identification is an identifier uniquely assigned to each anonymous identification 
certification authority. 


38. (Currently amended) 


©013/030 


step also defines 
identification 
contains the link 


qach anonymous 
by the 


The method of claim 36, wherein furth e r comprising tho stops 


— r e c e iving a the p ersonalized access ticket contains containing a link i: 
sender's anonymous identification and a link information of a-the recipi 
identification in corroopondonoo, wk i ok is pr e sent e d by a s e nder who wis 


information of a-the 
t T s anonymous 
h o s to aond an e mail 


pient 1 


to a r e cipiont so as to specify the recipi e nt as an intended d e stination of the email, at a s e cur e 
communication s e rvice for conn e cting communications between the senc or and tho receiv e r; 


■ controlling accesses between tho sender and tho rocipiont by verifying 


an acc e ss right of 


ifa e- s e tid e r with respect to the recipient according to tho porsonaliao 4- acc e ss tick e t at th e 


secur e communication s e rvie e. 


9O097B3.2 
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39. (Original) The method of claim 38, further comprising the step of; 

probabilistically identifying an identity of the sender by reconstructing 
identification of the sender while judging identity of a plurality of anonymous 
of the sender corresponding to the link information contained in a plurality 
access tickets used by the sender. 


40ML (Cancelled). 

42. (Currently amended) A communication system realizing email accejss control, 
comprising: 

a communication network to which a plurality of user terminals ate connected; 

a secure communication service device for connecting communications between a 
sender and a receiver on the communication network, by receiving a personalized access 
ticket containing a sender's identification and a recipient's identification ni correspondence, 
which is presented by a sender who wishes to send an email to a recipient so as to specify the 
recipient as an intended destination of the email, the personalized access ticket further 


containing a validity period indicating a period for which the personalized access ticket is 


valid, authenticating and controlling accesses between the sender and the 
verifying an access right of the sender with respect to the recipient according 
personalized access ticket and bv checking the validity period contained 


recipient by 

to the 
in the personalized 


access ticket presented bv the sender, and refusing delivery of the email when the validity 


period has expired ; and 

a secure processing device for issuing the personalized access ticket which is signed 
by a secret key of the secure processing device; 

wherein the secure communication service device authenticates th|< 
access ticket by verifying a signature of the secure processing device in i 
access ticket using a public key of the secure processing device. 


©014/030 


the official 

identifications 
of personalized 


e personalized 
personalized 


the 
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43. (Currently amended) The system of claim 40 42 , wherein the secure 
service device also receives the a_sender's identification presented by the 
the personalized access ticket, checks whether the sender's identification 
sender is contained in the personalized access ticket presented by the seiner 
delivery of the email when the sender's identification presented by the sender 
contained in the personalized access ticket presented by the sender, 

44. (Cancelled). 


45. (Currently amended) The system of claim 44 42 , further comprising 
a trusted third party for setting the validity period of the personalized 


access ticket. 


registrant 


46. (Currently amended) The system of claim 42, further comprising 

a directory service device for managing an identification of each 
disclosed information of each registrant which has a lower secrecy than 
information, in a state which is accessible for search by unspecified mani 
personalized access ticket to the sender in response to search conditions 
sender, by using an identification of a registrant whose disclosed information 
search conditions as the recipient's identification and the sender's identification 
the sender along with the search conditions. 


47. (Currently amended) The system of claim 42, wherein the secure coihmunication 
service device registers in advance the zrperson aliped access ticket containing 
identification of a specific user from which a delivery of emails to a speciiic 
be refused as the ^sender's identification and an identification of the spec 
^recipient's identification of the personalized access ticket registered in 


a delivery of the email from the sender when the personalized access tickjet presented by the 
sender is registered therein in advance. 


communication 
sender along with 
^resented by the 
and refuses a 
is not 


©015/030 


and asd a 
personal 
, and issuing the 
specified by the 
matches the 
specified by 


an 

registrant is to 
fic registrant as &e 
idvance, and refuses 
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48. (Original) The system of claim 47, wherein the secure communicati dii 
deletes the personalized access ticket registered therein upon request frorr. 
registrant who registered the personalized access ticket. 


49. (Currently amended) The system of claim 42, wherein the persona 
also contains a transfer control flag indicating whether or not the sender 
authenticated by the secure communication service, and when the transfer 
contained in the personalized access ticket indicates that the sender should 
the secure communication service device authenticates the sender's i 
by the sender and refuses a delivery of the email when an authentication 
identification presented bv the sender fails. 


©016/030 


service device 
the specific 


ized access ticket 
should be 
control flag 
be authenticated, 
dentification presented 
3f the sender's 


50. (Currently amended) The system of claim 49, wherein the autheifoti cation of the 
sender's identification presented by the sender is realized by a challenge/response procedure 
between the sender and the secure communication service device. 


5 L (Original) The system of claim 49, farther comprising a trusted thircf 
the transfer control flag of the personalized access ticket. 

52. (Previously presented) The system of claim 42, wherein the sender' 
the recipient's identification in the personalized access ticket are given b> 
addresses of the sender and the recipient. 

53 . (Previously presented) The system of claim 42, further comprising: 
a certification authority device for issuing an anonymous identification 

contains at least one fragment of an official identification of each user by 
uniquely identifiable by the certification authority device; 

wherein the sender's identification and the recipient's identification in 
access ticket are given by anonymous identifications of the sender and this 


party for setting 


identification and 
real email 


of each user which 
which each user is 

the personalized 
recipient. 
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54. (Original) The system of claim 53, wherein the anonymous identification 
an information containing the at least one fragment of the official identif l 
which is signed by the certification authority device using a secret key o 
authority device. 


55. (Original) The system of claim 53, wherein the official identification 
character string uniquely assigned to each user by the certification author ty 
public key of each user which are signed by a secret key of the certification 


56. (Original) The system of claim 53, wherein the secure communication 
probabilistically identifies an identity of the sender by reconstructing the 
identification of the sender while judging identity of a plurality of anonyjious 
of the sender contained in a plurality of personalized access tickets used 


57. (Previously presented) The system of claim 42, further comprising: 
a certification authority device for issuing an anonymous identification 
contains at least one fragment of an official identification of each user by 
uniquely identifiable by the certification authority device and a link inforjnation 
anonymous identification by which each anonymous identification can 
identified; 

wherein the sender's identification and the recipient's identification in 
access ticket are given by a link information of the anonymous identification 
and a link information of the anonymous identification of the recipient. 


.be 


58, (Original) The system of claim 57, wherein the link information of e 2 ich anonymous 


of each user is 
nation of each user 
the certification 


service device 
official 

identifications 
iy the sender. 


identification is an identifier uniquely assigned to each anonymous identi 
certification authority device. 


PAGE 17/30 1 RCVD AT 2/21/2006 10:07:57 AM [Eastern Standard Time] < SVR:USPTO-EFXRF-6/35 1 DNIS:2738300 1 CSID:404 815 6555 ■ DURATION (mm-ss):10-O4 


of each user is a 
device and a 
authority device. 


of each user which 
which each user is 

of each 
uniquely 


the personalized 
of the sender 


Jcation by the 


02/21/2006 10:11 FAX 404 815 6555 


KS 


Appln. No. Serial No. 09/277,417 
Amdt. Dated 2/20/06 

Fifth Response in Appln, Reply to Office Action of 10/18/2005 
Page 14 of 26 


59. (Original) The system of claim 57, wherein the secure communicat on 
probabilistically identifies an identity of the sender by reconstructing the 
identification of the sender while judging identity of a plurality of anonyjmous 
of the sender corresponding to the link information contained in a plural 
access tickets used by the sender. 


service device 
official 

identifications 
Ay of personalized 


60. (Previously presented) The system of claim 42, wherein the personalized 
contains a single sender's identification and a single recipient's identification 
correspondence. 


6 1 . (Previously presented) The system of claim 42, wherein the personalized access ticket 
contains a single sender's identification and a plurality of recipient's identifications in 1-to-N 
correspondence, where N is an integer greater than 1. 


62. (Original) The system of claim 61 3 wherein one identification amon 
identification and the plurality of recipient's identifications is a holder 
identifying a holder of the personalized access ticket while other identifications 
single sender's identification and the plurality of recipient's identification^ 
identifications for identifying members of a group to which the holder bellongs 


cn 


tie 


63. (Original) The system of claim 62, further comprising: 

a certification authority device for issuing to each user an identificati 
an enabler of the identification of each user indicating a right to change 
access ticket containing the identification of each user as the holder identification; 

a secure processing device at which prescribed processing on the 
ticket can be carried out only by a user who presented both the holder identification 
contained in the personalized access ticket and the enabler correspondin, 
identification to the secure processing device. 


S0O97B3.2 


S1018/030 


access ticket 
in 1-to-l 


the single sender's 
identification for 

among the 
are member 


of each user and 
personalized 


ion; and 
access 


to the holder 
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64. (Original) The system of claim 63, wherein the certification authori ty 
enabler of the identification of each user as an information indicating tha|t 
and the identification of each user itself which are signed by a secret key 
authority device. 


65. (Original) The system of claim 63 , wherein the prescribed processing includes a 
generation of a new personalized access ticket, a merging of a plurality off personalized 
access tickets, a splitting of one personalized access ticket into a plurality < 
access tickets, a changing of the holder of the personalized access ticket, 
validity period of the personalized access ticket, and a changing of a transfer control flag of 
the personalized access ticket. 


©019/030 


y device issues the 
it is the enabler 
:>f the certification 


of personalized 
changing of a 


aid 


66. (Original) The system of claim 65„ wherein a special identification 
corresponding to the special identification which are known to all users aire 
the generation of a new personalized access ticket and the changing of thje 
personalized access ticket can be carried out by the holder of the persona 
by using the special identification and the special enabler without using m 
member identification. 


67. (Original) The system of claim 66, wherein the special identificatior, 
capable of being used only as the holder identification of the personalized 


68. (Original) The system of claim 65, wherein a special identification \Mhich is known to 
all users is defined such that a read only attribute can be set to the personalized access ticket 
by using the special identification. 


a special enabler 
defined such that 
holder of the 
zed access ticket 
enabler of a 


is defined to be 
access ticket. 


90097«.2 
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access right of the 
access ticket, the 
cin from the 
the sender, 
format that can be 
delivery 
function by attaching 


by 


69. (Previously presented) The system of claim 42, wherein when the 
sender with respect to the recipient is verified according to the personalised 
secure communication service device takes out the recipient's identificati 
personalized access ticket by using the sender's identification presented 
converts the email by using a the taken out recipient's identification into 
interpreted by an email transfer function for actually carrying out a email 
processing, and gives the email after conversion to the email transfer 
the personalized access ticket. 

70. (Cancelled). 

71 . (Currently amended) A communication system realizing email acpess control, 
comprising; 

a certification authority device for defining an official identification 
which each user is uniquely identifiable by the certification authority devi 
anonymous identification of each user which contains at least one fragment 
identification wherein the anonymous identification of each user contains 
fragment of the official identification of each user which is signed by the 
authority device using a secret key of the certification authority device; 

an access control device for controlling email accesses to a comm]unication network 
on which each user is identified by the anonymous identification of each user in 
communications for emails on the communication networkiand 

a secure communication service device for connecting commimidttions between users 


of each user by 
ice, and an 

of the official 
the at least one 
;ertification 


on the communication network by receiving a personalized access ticket aontaining a 


sender's anonymous identification and a recipient's anonymous identificak 


correspondence, which is presented by a sender who wishes to send an email to a recipient so 


as to specify the recipient as an intended destination of the email, and controlling accesses 


between the sender and the recipient by verifying an access right of the sender with respect to 


the recipient according to the personalized access ticket , 
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72. (Previously presented) The system of claim 71, wherein the official identification of 
each user is a character string uniquely assigned to each user by the certification authority 
device and a public key of each user which are signed by a secret key of fhe certification 
authority device. 

73. (Cancelled). 

74. (Currently amended) The system of claim 73-71, wherein the seiure communication 
service device probabilistically identifies an identity of the sender by rec mstructing the 
official identification of the sender while judging identity of a plurality oE anonymous 
identifications of the sender contained in a plurality of personalized accejik tickets used by 
the sender. 


75. (Previously presented) The system of claim 71, wherein the 
device also defines a link information of each anonymous identification 
anonymous identification can be uniquely identified, and each anonymoiji 
contains the link information of each anonymous identification, 


76. (Original) The system of claim 75, wherein the link information of 
identification is an identifier uniquely assigned to each anonymous 
certification authority device. 


certification authority 
by which each 
w identification also 


qach anonymous 
identification by the 
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77. (Currently amended) The system of claim 75, further comprising \ 
— a secur e communication service devic e for connecting communication s between th e 


n n ndnr . nnri thn rocnivflr on th e communication notwork, by receiving a wherein the 
personalized access ticket contains containing a link information of a the 
identification and a link information of a-the r ecipient's anonymous ident 
correspondence— which is present e d by a s e nder who wishoG to send an e ijnail 


as to specify th e recipient as an int e nd e d - destination of the email, and controlling accesses 
b e tw ee n - the condoFand the recipi e nt by v e rifying on acoocG right of the s is rider with r e sp e ct to 


th e recipi e nt according to th e p e reoaak - zcd access tick e t . 


78. (Original) The system of claim 77, wherein the secure comtro 
probabilistically identifies an identity of the sender by reconstructing the 
identification of the sender while judging identity of a plurality of link inf 
anonymous identifications of the sender contained in a plurality of perso: 
tickets used by the sender. 

79. -81, (Cancelled). 

82. (Currently amended) A secure communication service device for use in a 
communication system realizing email access control, comprising: 
computer hardware; and 

computer software for causing the computer hardware to connect 
between a sender and a receiver by receiving a personalized access ticket 
sender's identification and a recipient's identification in correspondence, 


S1022/030 


sender's anonymous 
i cation in 

to a recipi e nt so 


mnicatifojn service device 
official 
>rmations of 
dalized access 


- i otnmunications 
t containing a 
ilbich is presented 


by a-the sender who wishes to send an email to ar-tbe recipient so as to specify the recipient as 
an intended destination of the email, the personalized access ticket further containing a 


validity period indicating a period for which the personalized access ticket is valid, and 


controlling accesses between the sender and the recipient by verifying an 
sender with respect to the recipient according to the personalized access 


ti 


access right of the 
:ket; 
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wherein the computer software causes the computer hardware to 
sender's identification presented by the sender along with the personalis 
check whether the sender's identification presented by the sender is contiJined 
personalized access ticket presented by the sende r and whether the validity 


in the personalized access ticket presented bv the sender has expired, and 


the email when the sender's identification presented by the sender is not 
personalized access ticket presented by the sende r or when the 


refuse a delivery of 
dontained in the 
validity p|eriod has expired . 


83. (Cancelled). 

84. (Currently amended) The secure communication service device of dllaim 
computer software causes the computer hardware to register in advance 
access ticket containing an identification of a specific user from which a 
a specific registrant is to be refused as the a.sender's identification and an 
the specific registrant as 4he ^recipient's identification for the personahzi 


1 1l1«w 


registered in advance, at the secure communication service device, and 
the email from the sender when the personalized access ticket presented 
registered at the secure communication service device in advance. 


85. (Original) The secure communication service device of claim 84. 
software causes the computer hardware to delete the personalized access 
the secure communication service device upon request from the specific 
registered the personalized access ticket. 


0023/030 


lso receive the 
i access ticket, 
in the 
period contained 


82 3 wherein the 
ajpersonalized 
delivery of emails to 
identification of 
d access ticket 


reruse 


a delivery of 
iy the sender is 


wJjereim 


the computer 
ticket registered at 
registrant who 


86. (Previously presented) The secure communication service device of claim 82, wherein 
the personalized access ticket also contains a transfer control flag indicatimg whether or not 
the sender should be authenticated by the secure communication service device, and when 
the transfer control flag contained in the personalized access ticket indicates that the sender 
should be authenticated, the computer software causes the computer hardware to authenticate 

9C097UJ.2 
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the sender's identification presented by the sender and refuse a delivery c 
authentication of the sender's identification presented b v the sender fails. 


87. (Currently amended) The secure communication service device of claim 86, wherein 
the computer software causes the computer hardware to realize the authentication of the 
sender's identification presented by the sender by a challenge/response procedure between 
the sender and the secure communication service device. 


©024/030 


the email when an 


where ; 


88. (Previously presented) The secure communication service device o: 7 
the sender's identification and the recipient's identification in the persona 
are given by anonymous identifications of the sender and the recipient 
identification of each user contains at least one fragment of an official i 
user by which each user is uniquely identifiable by a certification authority 
software also causes the computer hardware to probabilistically identify 
sender by reconstructing the official identification of the sender by judguj^ 
plurality of anonymous identifications of the sender contained in a plural 
access tickets used by the sender. 


claim 82, wherein 
ized access ticket 
an anonymous 
identification of each 
, and the computer 
identity of the 
identity of a 
ty of personalized 


S9. (Previously presented) The secure communication service device oi 


an anonymous identification of each user that contains at least one fragment of an official 
identification of each user by which each user is uniquely identifiable by a certification 
authority and a link information of each anonymous identification by which each anonymous 
identification can be uniquely identified are defined, the sender's identification and the 
recipient's identification in the personalized access ticket are given by a 1 
the anonymous identification of the sender and a link information of the 
identification of the recipient, and the computer software also causes the 
to probabilistically identify an identity of the sender by reconstructing the 
identification of the sender by judging identity of a plurality of anonymou 


claim 82, wherein 


nk information of 
4]ionymous 

omputer hardware 

official 

i identifications of 
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the sender corresponding to the link information contained in a plurality 
access tickets used by the sender. 

90. (Previously presented) The secure communication service device o: 
when the access right of the sender with respect to the recipient is verifie 


personalized access ticket, the computer software causes the computer he idwaie to take out 


the recipient's identification from the personalized access ticket by using i 
identification presented by the sender, convert the email by using athe ta ten out recipient's 
identification into a format that can be interpreted by an email transfer function for actually 
carrying out a email delivery processing, and give the email after conversion to the email 
transfer function by attaching the personalized access ticket. 


personalized 


claim 82 3 wherein 
according to the 


tihe sender's 


91.-96. (Cancelled). 


secure 


97. (Currently amended) A computer usable medium having co: 
code means embodied therein for causing a computer to function as a 
service device for use in a communication system realizing email access 
computer readable program code means includes: 

first computer readable program code means for causing said 
personalized access ticket containing a sender's identification and a recipient's 
in correspondence, which is presented by a sender who wishes to send an 
so as to specify the recipient as an intended destination of the emailjhe 


rnputcji| readable program 
communication 
control, the 


ticket further containing a validity period i ndicating a period for which ttjc personalized 
access ticket is valid ; and 


ght 


second computer readable program code means for causing said 
accesses between the sender and the recipient by verifying an access rij 
respect to the recipient according to the personalized access ticket, so as 
communications between the sender and the receiver on the cornmunicat: 


corrifcmter to receive a 
identification 
email to a recipient 
tifersonalized access 


computer to control 
of the sender with 
- 6 connect 
on network; 
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wherein the second computer readable program code means causes said computer to 
authenticate the personalized access ticket presented by the sender, check w hether the 


validity period contained in the personalized access ticket presented bv the sender has 


expired, and refuse a delivery of the email when the personalized access 
the sender has been altered or when the validity period has expired . 


ticket presented by 


98. (Original) The computer usable medium of claim 97, wherein the 
ticket is signed by a secret key of a secure processing device which issuet 
access ticket, and the second computer readable program code means catises 
to authenticate the personalized access ticket by verifying a signature 
processing device in the personalized access ticket using a public key of 
processing device. 


personalized access 
the personalized 
said computer 
secure 
ne secure 


of the 


receive 


personalized 


sendcx' 


99. (Previously presented) The computer usable medium of claim 97, 
computer readable program code means causes said computer to also 
identification presented by the sender along with the personalized access 
second computer readable program code means causes said computer to 
sender's identification presented by the sender is contained in the 
presented by the sender and refuse a delivery of the email when the 
presented by the sender is not contained in the personalized access 
sender. 

100. (Cancelled). 

101. (Previously presented) The computer usable medium of claim 97, wierein the second 
computer readable program code means causes said computer to register in advance the a 
personalized access ticket containing an identification of a specific user f *om which a 
delivery of emails to a specific registrant is to be refused as the sender's i: entification and an 
identification of the specific registrant as the recipient's identification for tlhe personalized 


0026/030 


^herein the first 
the sender's 
tlicket, and the 
check whether the 
access ticket 
's identification 
ticket ^presented by the 


PAGE 26130 * RCVD AT 2/21/2006 10:07:57 AM [Eastern Standard Time] ' SVR:USPTO-EFXRF«6/35 < DNIS:273S300 * CS1D:404 815 6555 < DURATION (mm-ss):10-04 


02/21/2006 10:13 FAX 404 815 6555 


KS 


Appln. No, Serial No. 09/277,417 
Amdt Dated 2/20/06 

Fifth Response in Appln, Reply to Office Action of 10/18/2005 
Page 23 of 26 


access ticket registered in advance , at the secure communication service 
delivery of the email from the sender when the personalized access tickdt 
sender is registered at the secure communication service device in advance. 


102. (Original) The computer usable medium of claim 101, wherein the 
readable program code means causes said computer to delete the persona 
registered at the secure communication service device upon request from 
registrant who registered the personalized access ticket. 


1 03. (Previously presented) The computer usable medium of claim 97, 
personalized access ticket also contains a transfer control flag indicating 
sender should be authenticated by the secure communication service devji 
transfer control flag contained in the personalized access ticket indicates 
should be authenticated, the second computer readable program code 
computer to authenticate the sender's identification presented by the 
delivery of the email when an authentication of the sender's identification 
sender fails. 


me ins 


sencer 


the 


104. (Currently amended) The computer usable medium of claim 103, 
computer readable program code means causes said computer to realize 
the sender's identification presented by the sender by a challenge/responsje 
between the sender and the secure communication service device. 


lerein the sendees 
ticket are given by 


105. (Previously presented) The computer usable medium of claim 97, \i 
identification and the recipient's identification in the personalized access 
anonymous identifications of the sender and the recipient, where an anonlrmous 
identification of each user contains at least one fragment of an official identification of each 
user by which each user is uniquely identifiable by a certification author! :y 5 and the second 
computer readable program code means also causes said computer to probabilistically 


@]027/030 


device, and refuse a 
presented by the 


second computer 
ized access ticket 
the specific 


\ wherein the 
whether or not the 
:e, and when the 
l|hat the sender 
causes said 
and refuse a 
presented by the 


wjherein the second 
authentication of 
procedure 
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identify an identity of the sender by reconstructing the official identificat 
judging identity of a plurality of anonymous identifications of the sender 
plurality of personalized access tickets used by the sender. 


on of the sender by 
contained in a 


ch 


identification 


106. (Previously presented) The computer usable medium of claim 97, 
anonymous identification of each user that contains at least one fragment j)f 
identification of each user by which each user is uniquely identifiable by 
authority and a link information of each anonymous identification by wh 
identification can be uniquely identified are defined, the sender's 
recipient's identification in the personalized access ticket are given by a 1 
the anonymous identification of the sender and a link information of the 
identification of the recipient, and the second computer readable prograrr 
causes said computer to probabilistically identify an identity of the sende- 
the official identification of the sender by judging identity of a plurality c: 
identifications of the sender corresponding to the link information contaiijibd 
personalized access tickets used by the sender. 


0O28/O3O 


1 07. (Currently amended) The computer usable medium of claim 97, 
access right of the sender with respect to the recipient is verified accordir 
personalized access ticket, the second computer readable program code 
computer to take out the recipient's identification from the personalized 
using the sender's identification presented by the sender, convert the emal 
taken out recipients identification into a format that can be interpreted by 
function for actually carrying out a email delivery processing, and give 
conversion to the email transfer function by attaching the personalized 

108. -112. (Cancelled). 


tie 


vrnerein an 
an official 
certification 
each anonymous 

and the 
information of 
anonymous 
code means also 
by reconstructing 
anonymous 
in a plurality of 


whlerein when the 
3; to the 
nheans causes said 
ajccess ticket by 
by using a the 
an email transfer 
email after 
acfeess ticket 
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